Two legitimate data sources only. We never tamper with the Uber Driver app — its RASP engine + Play Integrity would ban the driver account for fraud. All ride data flows through Uber's official Supplier Platform API; device data comes only from phones we own.
Data flow
Source · Uber official · API
Uber Supplier Platform
Vehicle Solutions · OAuth2 client-credentials · per-driver hours, trips, status, GPS.
Realtime Driver Status Change · webhook · signed
Source · we own it · managed
Company phone · Android Enterprise (managed)
Observe-only — we see the foreground app + duration during shifts. No apps are blocked or closed.
UsageStatsManager agent · Kotlin · monitor-only · no hard block
signed webhook · HMAC-SHA256
POST /ingest/device-usage
api-integration · Bun/TS · :8788
Webhook receiver & forwarder
Verify HMAC signature → normalize raw status → emit a versioned event.
webhook.ts → emit → forwarder.ts → POST → /ingest/uber-status
wire contract · strict
Device telemetry payload
bare JSON array · ISO-8601 ts · X-Usage-Access · no screen content
correlation-backend · Bun/TS + PostgreSQL · :8787
Ingest · validate · correlate
zod-validated ingest → trip-builder folds the lifecycle into sessions & trips → rules engine joins on-trip windows × foreground app. Also ingests Fleet-Dashboard acceptance / cancellation rates → flags drivers getting requests but not taking them.
zod validation · tripBuilder · rules engine
idle-but-online · utilization %
low_acceptance · high_cancellation · GDPR erase_driver()
store · Postgres
Coaching flags
package + category + duration + overlap. Content-free by design.
human in the loop · review
Owner dashboard · coaching queue
Flags drive schooling & coaching — advisory, not auto-discipline.
Driver status lifecycle
offline → online → enroute → pickup → on_trip · passenger on board → dropoff
The headline rule & its proof
Correlation rule · high severity
A DISTRACTING app in the foreground while status = on_trip ⇒ a high-severity coaching flag.
e.g. TikTok open with a passenger on board. Merely enroute (no passenger yet) → medium.
End-to-end smoke test 20 / 20 ✓
- ✓ signed webhook → forwarder → backend
- ✓ trip-builder created the on_trip window
- ✓ TikTok 60s overlap ⇒ HIGH flag raised
- ✓ Maps (ALLOWED) ⇒ no flag (negative control)
- ✓ 55% acceptance ⇒ low_acceptance flag; 92% ⇒ none
- ✓ stores package + category + duration only — no screen content
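The correlation rule above, sketched as an interval join between status windows and foreground-app intervals. This is an added example, not the project's own code: the type shapes, the `correlate` function, the category table and the `com.example.*` package names are assumptions, and the sample data is constructed to mirror the smoke-test cases.

```typescript
// Added example with assumed shapes; not the project's own types.
type Status = "offline" | "online" | "enroute" | "pickup" | "on_trip" | "dropoff";
type Severity = "high" | "medium";
interface StatusWindow { status: Status; start: string; end: string } // ISO-8601
interface UsageEvent { package: string; start: string; end: string }  // foreground interval
interface Flag { package: string; category: "DISTRACTING"; severity: Severity; durationSec: number; overlapSec: number }

// Hypothetical category table; the real mapping is not shown on the page.
const CATEGORIES: Record<string, "DISTRACTING" | "ALLOWED"> = {
  "com.example.shortvideo": "DISTRACTING",
  "com.example.maps": "ALLOWED",
};
// Passenger on board => high; merely enroute => medium; other statuses never flag.
const SEVERITY: Partial<Record<Status, Severity>> = { on_trip: "high", enroute: "medium" };

function sec(iso: string): number {
  const ms = Date.parse(iso);
  if (Number.isNaN(ms)) throw new Error(`bad timestamp: ${iso}`); // reject malformed input
  return ms / 1000;
}

function correlate(windows: StatusWindow[], usage: UsageEvent[]): Flag[] {
  const flags: Flag[] = [];
  for (const u of usage) {
    // Assumption: only packages explicitly categorised DISTRACTING can raise a flag.
    if (CATEGORIES[u.package] !== "DISTRACTING") continue;
    for (const w of windows) {
      const severity = SEVERITY[w.status];
      if (!severity) continue;
      // Interval intersection: min(ends) - max(starts); <= 0 means no overlap.
      const overlapSec = Math.min(sec(u.end), sec(w.end)) - Math.max(sec(u.start), sec(w.start));
      if (overlapSec <= 0) continue;
      // Content-free: package + category + duration + overlap only.
      flags.push({ package: u.package, category: "DISTRACTING", severity,
                   durationSec: sec(u.end) - sec(u.start), overlapSec });
    }
  }
  return flags;
}

// Constructed sample data mirroring the smoke-test cases.
const windows: StatusWindow[] = [
  { status: "enroute", start: "2024-01-01T10:00:00Z", end: "2024-01-01T10:05:00Z" },
  { status: "on_trip", start: "2024-01-01T10:06:00Z", end: "2024-01-01T10:20:00Z" },
];
const usage: UsageEvent[] = [
  { package: "com.example.shortvideo", start: "2024-01-01T10:10:00Z", end: "2024-01-01T10:11:00Z" },
  { package: "com.example.maps", start: "2024-01-01T10:06:00Z", end: "2024-01-01T10:20:00Z" },
];
console.log(correlate(windows, usage));
```

A foreground interval that straddles two status windows yields one flag per window, each with its own overlap and severity.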
Compliance gate · Germany / EU
GDPR
§26 BDSG · employee data
§87(1)(6) BetrVG · Betriebsrat agreement
§201 StGB · no audio recording
working-hours only
no off-shift tracking
short retention
DPIA before go-live